gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(crowdsec): Add Facebook/Meta and Ahrefs to whitelist

Browse Source 
Whitelist trusted crawlers to prevent false positive SSRF alerts:
- Facebook/Meta: 69.171.x, 173.252.x, 31.13.x, 157.240.x, etc.
- Ahrefs SEO: 54.39.210.x, 167.114.139.x, 54.36.x

Changed from ip/cidr format to expression format for CrowdSec
compatibility on OpenWrt.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-12 05:44:48 +01:00
parent e58f479cd4
commit 41fb86ce47
1 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
package/secubox/secubox-app-crowdsec-custom/files/parsers/s02-enrich/secubox-whitelist.yaml
View File

@ -1,18 +1,35 @@
# CrowdSec whitelist for SecuBox trusted networks
# Prevents banning of internal/trusted IPs
# Prevents banning of internal/trusted IPs and known crawlers
name: crowdsecurity/secubox-whitelist
description: "Whitelist trusted IPs for SecuBox admin access"
name: secubox/whitelists
description: "SecuBox whitelist for trusted IPs and services"
whitelist:
reason: "SecuBox trusted network"
ip:
# Localhost
- "127.0.0.1"
- "::1"
cidr:
# Private networks (RFC1918)
- "192.168.0.0/16"
- "172.16.0.0/12"
- "10.0.0.0/8"
# Add custom admin IPs here if needed
# - "YOUR_ADMIN_IP/32"
reason: "Trusted services and networks"
expression:
# Local networks (RFC1918)
- evt.Meta.source_ip startsWith "192.168."
- evt.Meta.source_ip startsWith "10."
- evt.Meta.source_ip startsWith "172.16."
- evt.Meta.source_ip startsWith "172.17."
- evt.Meta.source_ip startsWith "172.18."
- evt.Meta.source_ip startsWith "127."
# Facebook/Meta infrastructure
- evt.Meta.source_ip startsWith "69.171."
- evt.Meta.source_ip startsWith "173.252."
- evt.Meta.source_ip startsWith "31.13."
- evt.Meta.source_ip startsWith "157.240."
- evt.Meta.source_ip startsWith "179.60."
- evt.Meta.source_ip startsWith "185.60."
- evt.Meta.source_ip startsWith "204.15.20."
# Ahrefs SEO crawler
- evt.Meta.source_ip startsWith "54.39.210."
- evt.Meta.source_ip startsWith "167.114.139."
- evt.Meta.source_ip startsWith "54.36."
- evt.Meta.source_ip startsWith "195.154."
# Local IPv6
- evt.Meta.source_ip startsWith "fe80:"
- evt.Meta.source_ip startsWith "::1"
- evt.Meta.source_ip startsWith "2a01:e0a:dec:c4e0"